File names visible when using storage filesystem


I want to use Vault in docker with the Filesystem Storage Backend. So I map a volume to /mnt/vault/data, everything works fine.

After adding some secrets, when I looked into the created files in /mappedFolder/logical/someGuid/secrets, I could see the secrets but with their plain names.

Is this just how the filesystem storage works? Is there a way to at least obscure these names?

No, you should not be able to see secrets. What is a plain name?
Can you share the output of tree and where you see a plaintext secret?

Where this is the volume mapping:

The content of the files there is encrypted. But I was surprised to see the secrets’ names when I looked into the files.

By “plain name” I mean the actual name where I save this, “secret.crt” in this case:
cat secret.crt | base64 | vault kv put -tls-skip-verify secret/certs/secret.crt value=-

Or am I using this incorrectly?

Or use integrated (aka Raft) storage.

1 Like

You’re right @kalafut, kv store version 2 does the trick.
Thanks a lot guys.